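/**
 * Resolves the pre-authenticated principal from the JWT carried in the
 * {@code JWT_HEADER_NAME} request header.
 * <p>
 * The header value is parsed as a JWS signed with {@code backendSecret}; the
 * subject becomes the user id and {@code getAuthnContext} derives the level.
 *
 * @param request the current HTTP request
 * @return a {@code UsernameContextPrincipal}, or {@code null} when the header is absent
 * @throws PreAuthenticatedCredentialsNotFoundException when the token cannot be
 *         parsed or its signature does not verify
 */
@Override
protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
    // No header means no pre-authenticated principal; the filter falls through.
    String encodedJwt = request.getHeader(JWT_HEADER_NAME);
    if (encodedJwt == null) {
        return null;
    }
    try {
        Claims claims = Jwts.parser()
                .setSigningKey(DatatypeConverter.parseBase64Binary(backendSecret))
                .parseClaimsJws(encodedJwt)
                .getBody();
        AuthnContext authnContext = getAuthnContext(claims);
        log.info("Attempting login with userid={} and level={}", claims.getSubject(), authnContext);
        return new UsernameContextPrincipal(claims.getSubject(), authnContext);
    } catch (io.jsonwebtoken.JwtException | IllegalArgumentException jwtException) {
        // JwtException is the jjwt base type, so expired, malformed, badly
        // signed and unsupported tokens are all reported as missing credentials
        // instead of escaping the filter as an unhandled runtime exception
        // (the original caught only UnsupportedJwtException, one subtype).
        // IllegalArgumentException covers an empty header value.
        throw new PreAuthenticatedCredentialsNotFoundException("Invalid JWT Token", jwtException);
    }
}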
/**
 * Generate a Principal from a subject claim.
 * <p>
 * Resolution order: a URL-shaped {@code sub} is used as-is; otherwise a
 * URL-shaped {@code iss} is joined with {@code sub} to form a WebID; otherwise
 * the OIDC {@code WEBSITE} claim is used. Nothing here verifies the token —
 * the claims are trusted as far as the caller has already verified them.
 *
 * @param claims the JWT claims
 * @return a Principal, if one can be generated from standard claims, else {@code null}
 */
public static Principal withSubjectClaim(final Claims claims) {
    final String sub = claims.getSubject();
    if (sub == null) {
        return null;
    }
    if (isUrl(sub)) {
        LOGGER.debug("Using JWT claim with sub: {}", sub);
        return new OAuthPrincipal(sub);
    }
    final String issuer = claims.getIssuer();
    if (issuer != null && isUrl(issuer)) {
        // Build "<issuer>/<subject>" without doubling a trailing slash.
        final String separator = issuer.endsWith("/") ? "" : "/";
        final String webid = issuer + separator + sub;
        LOGGER.debug("Using JWT claim with generated webid: {}", webid);
        return new OAuthPrincipal(webid);
    }
    if (claims.containsKey(WEBSITE)) {
        final String site = claims.get(WEBSITE, String.class);
        LOGGER.debug("Using JWT claim with website: {}", site);
        return new OAuthPrincipal(site);
    }
    return null;
}
/**
 * Builds a Spring Security {@link Authentication} from a signed JWT.
 * <p>
 * The signature is checked against {@code secretKey} before any claim is read.
 * {@code AUTHORITIES_KEY} is expected to hold a comma-separated list; an
 * absent claim fails with a NullPointerException, and a blank entry is rejected
 * by {@link SimpleGrantedAuthority}. Parser exceptions propagate unchanged.
 *
 * @param token the compact JWS
 * @return an authentication whose principal is a {@link User} with empty password
 */
public Authentication getAuthentication(String token) {
    Claims body = Jwts.parser()
            .setSigningKey(secretKey)
            .parseClaimsJws(token)
            .getBody();
    String[] roleNames = body.get(AUTHORITIES_KEY).toString().split(",");
    Collection<? extends GrantedAuthority> grants = Arrays.stream(roleNames)
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
    User principal = new User(body.getSubject(), "", grants);
    return new UsernamePasswordAuthenticationToken(principal, "", grants);
}
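/**
 * Authenticates the request from the JWT in the configured header.
 * <p>
 * When the header value starts with the configured prefix followed by a space,
 * the remainder is parsed as a JWS signed with the configured secret. A token
 * with a subject populates the security context; any failure (bad signature,
 * expiry, malformed token, missing or ill-typed {@code authorities} claim)
 * clears the context instead. The chain always continues, so downstream access
 * rules decide what an unauthenticated request may do.
 *
 * @param req the request
 * @param rsp the response
 * @param filterChain the remaining chain, always invoked
 */
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse rsp, FilterChain filterChain)
        throws ServletException, IOException {
    String header = req.getHeader(config.getHeader());
    String bearerPrefix = config.getPrefix() + " ";
    if (header != null && header.startsWith(bearerPrefix)) {
        // Strip only the leading prefix. String.replace would also delete any
        // later occurrence of the prefix inside the token text.
        String token = header.substring(bearerPrefix.length());
        try {
            // getBytes() uses the platform default charset; the key must be derived
            // the same way on the issuing side, so a non-ASCII secret needs an
            // explicit charset on both ends.
            Claims claims = Jwts.parser()
                    .setSigningKey(config.getSecret().getBytes())
                    .parseClaimsJws(token)
                    .getBody();
            String username = claims.getSubject();
            @SuppressWarnings("unchecked")
            List<String> authorities = claims.get("authorities", List.class);
            if (username != null) {
                UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null,
                        authorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
                SecurityContextHolder.getContext().setAuthentication(auth);
            }
        } catch (Exception e) {
            // Deliberately broad: a rejected token drops any existing context and
            // the request proceeds unauthenticated rather than with an error.
            SecurityContextHolder.clearContext();
        }
    }
    filterChain.doFilter(req, rsp);
}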
/**
 * Creates an {@link Authentication} for a verified JWT.
 * <p>
 * The subject becomes the {@link User} name and the comma-separated
 * {@code AUTHORITIES_KEY} claim its authorities. Neither the subject nor the
 * authorities claim is null-checked here: a missing authorities claim raises a
 * NullPointerException and jjwt parser failures are not caught.
 *
 * @param token the compact JWS to verify with {@code secretKey}
 * @return an authentication carrying an empty-string credential
 */
public Authentication getAuthentication(String token) {
    Claims verified = Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody();
    String subject = verified.getSubject();
    String authorityCsv = verified.get(AUTHORITIES_KEY).toString();
    Collection<? extends GrantedAuthority> granted =
            Arrays.stream(authorityCsv.split(","))
                    .map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toList());
    return new UsernamePasswordAuthenticationToken(new User(subject, "", granted), "", granted);
}
/**
 * Resolves the {@link Authentication} carried by the {@code COOKIE_BEARER} cookie.
 * <p>
 * The cookie value is verified as a JWS against {@code SECRET}; the
 * comma-separated {@code authorities} claim becomes the granted authorities and
 * the subject the principal. Parser failures propagate unchanged and a missing
 * {@code authorities} claim surfaces as a NullPointerException.
 *
 * @param request the current HTTP request
 * @return the authentication, or {@code null} when there is no cookie or the token has no subject
 */
static Authentication getAuthentication(HttpServletRequest request) {
    Cookie bearer = WebUtils.getCookie(request, COOKIE_BEARER);
    if (bearer == null || bearer.getValue() == null) {
        return null;
    }
    Claims claims = Jwts.parser()
            .setSigningKey(SECRET)
            .parseClaimsJws(bearer.getValue())
            .getBody();
    // Authorities are resolved before the subject check, so an absent
    // "authorities" claim fails even for a token without a subject.
    Collection<? extends GrantedAuthority> grants =
            Arrays.stream(claims.get("authorities").toString().split(","))
                    .map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toList());
    String subject = claims.getSubject();
    if (subject == null) {
        return null;
    }
    return new UsernamePasswordAuthenticationToken(subject, null, grants);
}
/**
 * Reads the user name (the {@code sub} claim) from a token.
 * <p>
 * Best-effort: whatever {@code getClaimsFromToken} throws, and a null claim
 * set, both yield {@code null} rather than an error.
 *
 * @param token the JWT to read
 * @return the subject, or {@code null} when the token cannot be read
 */
public String getUsernameFromToken(String token) {
    try {
        return getClaimsFromToken(token).getSubject();
    } catch (Exception e) {
        return null;
    }
}
/**
 * Resolves the {@link Authentication} carried by the {@code COOKIE_TOKEN} cookie.
 * <p>
 * The cookie value is verified as a JWS against {@code SECRET_KEY}; the
 * comma-separated {@code authorities} claim becomes the granted authorities,
 * the subject the principal, and the full claim set is attached as details.
 * Parser failures propagate unchanged and a missing {@code authorities} claim
 * surfaces as a NullPointerException.
 *
 * @param request the current HTTP request
 * @return the authentication, or {@code null} when there is no cookie or the token has no subject
 */
public static Authentication getAuthentication(HttpServletRequest request) {
    Cookie tokenCookie = WebUtils.getCookie(request, COOKIE_TOKEN);
    if (tokenCookie == null || tokenCookie.getValue() == null) {
        return null;
    }
    Claims claims = Jwts.parser()
            .setSigningKey(SECRET_KEY)
            .parseClaimsJws(tokenCookie.getValue())
            .getBody();
    // Authorities are resolved before the subject check, so an absent
    // "authorities" claim fails even for a token without a subject.
    Collection<? extends GrantedAuthority> grants =
            Arrays.stream(claims.get("authorities").toString().split(","))
                    .map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toList());
    String subject = claims.getSubject();
    if (subject == null) {
        return null;
    }
    UsernamePasswordAuthenticationToken authentication =
            new UsernamePasswordAuthenticationToken(subject, null, grants);
    authentication.setDetails(claims);
    return authentication;
}
/**
 * Advice for methods annotated with {@code @UserTokenRequired}: rejects the
 * call unless the current request carries a verifiable {@code token} header
 * whose subject has the form {@code left=right}.
 * <p>
 * jjwt parser failures (bad signature, expiry, malformed token) are not
 * translated and propagate as-is; only the header presence, the subject
 * presence and the subject shape are reported as IllegalArgumentException.
 *
 * @param userTokenRequired the bound annotation instance (unused)
 * @throws IllegalArgumentException when the header is empty, the subject is
 *         missing, or it does not split into exactly two parts on {@code =}
 */
@Before("@annotation(userTokenRequired)")
public void tokenRequiredWithAnnotation(UserTokenRequired userTokenRequired) throws Throwable {
    HttpServletRequest request =
            ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()).getRequest();
    String headerToken = request.getHeader("token");
    if (StringUtils.isEmpty(headerToken)) {
        throw new IllegalArgumentException("Empty token");
    }
    Claims claims = Jwts.parser()
            .setSigningKey(DatatypeConverter.parseBase64Binary(SecurityServiceImpl.secretKey))
            .parseClaimsJws(headerToken)
            .getBody();
    String subject = claims == null ? null : claims.getSubject();
    if (subject == null) {
        throw new IllegalArgumentException("Token Error : Claim is null");
    }
    // Expected subject shape is "<key>=<value>"; note String.split drops
    // trailing empty strings, so "a=b=" also passes this check.
    if (subject.split("=").length != 2) {
        throw new IllegalArgumentException("User token is not authorized");
    }
}
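/**
 * CORS handling plus JWT authentication for every request.
 * <p>
 * CORS response headers are always set. A preflight ({@code OPTIONS}) request
 * is answered with 200 and does not reach the rest of the chain. Any other
 * request whose configured header starts with the configured prefix and a
 * space has the remainder verified as a JWS; a token with a subject populates
 * the security context, and any failure (bad signature, expiry, malformed
 * token, missing or ill-typed {@code authorities} claim) clears it instead
 * before the chain continues.
 *
 * @param req the request
 * @param rsp the response
 * @param filterChain the remaining chain, invoked for every non-preflight request
 */
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse rsp, FilterChain filterChain)
        throws ServletException, IOException {
    // "*" admits every origin. Browsers refuse to pair it with credentialed
    // requests, which is consistent with no Access-Control-Allow-Credentials
    // header being emitted here.
    rsp.addHeader("Access-Control-Allow-Origin", "*");
    rsp.addHeader("Access-Control-Allow-Headers", "Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization");
    rsp.addHeader("Access-Control-Expose-Headers", "Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Authorization");
    // One list-valued header instead of four repeated ones; clients combine
    // duplicates with commas anyway, and a single header is unambiguous.
    rsp.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");

    if ("OPTIONS".equals(req.getMethod())) {
        // Preflight: answer directly without invoking the chain.
        rsp.setStatus(HttpServletResponse.SC_OK);
        return;
    }

    String header = req.getHeader(config.getHeader());
    String bearerPrefix = config.getPrefix() + " ";
    if (header != null && header.startsWith(bearerPrefix)) {
        // Strip only the leading prefix. String.replace would also delete any
        // later occurrence of the prefix inside the token text.
        String token = header.substring(bearerPrefix.length());
        try {
            // getBytes() uses the platform default charset; the key must be derived
            // the same way on the issuing side, so a non-ASCII secret needs an
            // explicit charset on both ends.
            Claims claims = Jwts.parser()
                    .setSigningKey(config.getSecret().getBytes())
                    .parseClaimsJws(token)
                    .getBody();
            String username = claims.getSubject();
            @SuppressWarnings("unchecked")
            List<String> authorities = claims.get("authorities", List.class);
            if (username != null) {
                UsernamePasswordAuthenticationToken auth = new UsernamePasswordAuthenticationToken(username, null,
                        authorities.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
                SecurityContextHolder.getContext().setAuthentication(auth);
            }
        } catch (Exception e) {
            // Deliberately broad: a rejected token drops any existing context and
            // the request proceeds unauthenticated rather than with an error.
            SecurityContextHolder.clearContext();
        }
    }
    filterChain.doFilter(req, rsp);
}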
/**
 * Extracts the login user name (the {@code sub} claim) from a token.
 *
 * @param token the JWT to read
 * @return the subject, or {@code null} if the token cannot be parsed or has no claims
 */
public String getUserNameFromToken(String token) {
    String name = null;
    try {
        Claims parsed = getClaimsFromToken(token);
        name = parsed.getSubject();
    } catch (Exception ignored) {
        // Best-effort lookup: whatever getClaimsFromToken throws is reported
        // as "no user" rather than as an error.
    }
    return name;
}
/**
 * Extracts the login user name (the {@code sub} claim) from a token.
 * <p>
 * Any exception raised while reading the claims, and a null claim set, both
 * map to {@code null}; callers cannot distinguish "no token" from "bad token".
 *
 * @param token the JWT to read
 * @return the subject, or {@code null} when it cannot be determined
 */
public String getUserNameFromToken(String token) {
    try {
        final Claims body = getClaimsFromToken(token);
        return body.getSubject();
    } catch (Exception unusable) {
        return null;
    }
}
/**
 * Returns the subject of a token, or {@code null} when it cannot be read.
 * <p>
 * The catch is intentionally broad: parse failures and a null claim set are
 * both treated as "unknown user".
 *
 * @param token the JWT to read
 * @return the {@code sub} claim, or {@code null}
 */
public String getUsernameFromToken(String token) {
    String subject = null;
    try {
        subject = getClaimsFromToken(token).getSubject();
    } catch (Exception ignored) {
        // unreadable token: leave subject as null
    }
    return subject;
}
/**
 * Verifies a token with the base64-encoded {@code secretKey} and returns its subject.
 * Parser failures (bad signature, expiry, malformed token) propagate unchanged.
 *
 * @param token the compact JWS
 * @return the {@code sub} claim, possibly {@code null} if the token carries none
 */
@Override
public String getSubject(String token) {
    byte[] key = DatatypeConverter.parseBase64Binary(secretKey);
    return Jwts.parser().setSigningKey(key).parseClaimsJws(token).getBody().getSubject();
}
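/**
 * Converts a raw access JWT into a {@link SecurityUser}.
 * <p>
 * The token is parsed and verified with the configured signing key; the subject
 * is used as the e-mail address, the first entry of the {@code SCOPES} claim as
 * the authority, and {@code USER_ID}/{@code TENANT_ID}/{@code CUSTOMER_ID} as
 * UUID identifiers.
 *
 * @param rawAccessToken the unparsed access token
 * @return the populated security user
 * @throws IllegalArgumentException if the token has no scopes, lacks a required
 *         claim ({@code USER_ID}, {@code IS_PUBLIC}), or carries an id that is
 *         not a valid UUID
 */
public SecurityUser parseAccessJwtToken(RawAccessJwtToken rawAccessToken) {
    Jws<Claims> jwsClaims = rawAccessToken.parseClaims(settings.getTokenSigningKey());
    Claims claims = jwsClaims.getBody();
    String subject = claims.getSubject();

    @SuppressWarnings("unchecked") // jjwt hands back a raw List; entries are used as strings below
    List<String> scopes = claims.get(SCOPES, List.class);
    if (scopes == null || scopes.isEmpty()) {
        throw new IllegalArgumentException("JWT Token doesn't have any scopes");
    }

    // Required claims are checked explicitly so a malformed token is reported as
    // an IllegalArgumentException rather than a NullPointerException from
    // UUID.fromString(null) or from unboxing a missing Boolean.
    String userId = requireClaim(claims, USER_ID, String.class);
    Boolean isPublic = requireClaim(claims, IS_PUBLIC, Boolean.class);

    SecurityUser securityUser = new SecurityUser(new UserId(UUID.fromString(userId)));
    securityUser.setEmail(subject);
    // Only the first scope is mapped to an authority; further entries are ignored.
    securityUser.setAuthority(Authority.parse(scopes.get(0)));
    securityUser.setFirstName(claims.get(FIRST_NAME, String.class));
    securityUser.setLastName(claims.get(LAST_NAME, String.class));
    securityUser.setEnabled(claims.get(ENABLED, Boolean.class));
    UserPrincipal principal = new UserPrincipal(
            isPublic ? UserPrincipal.Type.PUBLIC_ID : UserPrincipal.Type.USER_NAME, subject);
    securityUser.setUserPrincipal(principal);

    // Tenant and customer are optional.
    String tenantId = claims.get(TENANT_ID, String.class);
    if (tenantId != null) {
        securityUser.setTenantId(new TenantId(UUID.fromString(tenantId)));
    }
    String customerId = claims.get(CUSTOMER_ID, String.class);
    if (customerId != null) {
        securityUser.setCustomerId(new CustomerId(UUID.fromString(customerId)));
    }
    return securityUser;
}

/** Reads a typed claim, failing with IllegalArgumentException when it is absent. */
private static <T> T requireClaim(Claims claims, String name, Class<T> type) {
    T value = claims.get(name, type);
    if (value == null) {
        throw new IllegalArgumentException("JWT Token doesn't have the required claim " + name);
    }
    return value;
}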
/**
 * Reads the subject of a token, swallowing every failure.
 *
 * @param token the JWT to read
 * @return the {@code sub} claim, or {@code null} when the claims cannot be
 *         obtained or are absent
 */
public String getUsernameFromToken(String token) {
    try {
        final Claims claims = getClaimsFromToken(token);
        return claims.getSubject();
    } catch (Exception e) {
        // any parse problem is reported as "no user"
        return null;
    }
}
/**
 * Turns a signed JWT into an {@link Authentication} whose principal is a Spring
 * {@link User} built from the subject and the comma-separated
 * {@code AUTHORITIES_KEY} claim.
 * <p>
 * The raw token is retained as the credentials of the returned authentication.
 * Parser failures propagate unchanged; a missing authorities claim raises a
 * NullPointerException.
 *
 * @param token the compact JWS to verify with {@code secretKey}
 * @return the authentication
 */
public Authentication getAuthentication(String token) {
    Claims body = Jwts.parser().setSigningKey(secretKey).parseClaimsJws(token).getBody();
    String authorityCsv = body.get(AUTHORITIES_KEY).toString();
    Collection<? extends GrantedAuthority> grants = Arrays.stream(authorityCsv.split(","))
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
    User principal = new User(body.getSubject(), "", grants);
    return new UsernamePasswordAuthenticationToken(principal, token, grants);
}
/**
 * Extracts the login user name (the {@code sub} claim) from a token.
 *
 * @param token the JWT to read
 * @return the subject, or {@code null} when the claims cannot be read
 */
public String getUserNameFromToken(String token) {
    String result;
    try {
        result = getClaimsFromToken(token).getSubject();
    } catch (Exception e) {
        // best-effort: every failure collapses to "no user"
        result = null;
    }
    return result;
}
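/**
 * Builds the {@link Authentication} for the token carried by the current request.
 * <p>
 * When the security context is empty the token is parsed with the unsign key,
 * rejected if it has no claims, no subject, or is expired, and otherwise turned
 * into a {@code CrustAuthenticationToken}; the token's metadata is also
 * published through {@code tokenMetaDataThreadLocal} as a side effect.
 * When the context already holds an authentication it is returned as-is,
 * provided the token still validates for the current user.
 *
 * @return the authentication, or {@code null} when no usable token is present
 */
Authentication getAuthenticationFromToken() {
    String token = getToken();
    if (token == null) {
        return null;
    }
    if (getAuthentication() != null) {
        // Context already authenticated: reuse it only if the presented token
        // still matches the logged-in user.
        return validateToken(token, getUsername()) ? getAuthentication() : null;
    }
    String unSignKey = getUnSignKey();
    Claims claims = JwtUtil.parseToken(token, unSignKey);
    if (claims == null) {
        return null;
    }
    String username = claims.getSubject();
    if (username == null) {
        return null;
    }
    if (JwtUtil.isTokenExpired(token, unSignKey)) {
        return null;
    }
    String uid = (String) claims.get(UID);
    // Custom numeric claims come back as whatever boxed type the JSON mapper
    // produced (typically Integer for small values, Long otherwise). A direct
    // (long) cast of the Object only succeeds for Long, so widen via Number.
    long issuedAt = ((Number) claims.get(CREATED)).longValue();
    long expire = claims.getExpiration().getTime();
    tokenMetaDataThreadLocal.set(new CrustTokenMetaData(username, uid, issuedAt, expire));

    // ROLE_IDS is a comma-separated string of numeric ids, or absent.
    Object roleIdsClaim = claims.get(ROLE_IDS);
    List<Long> roleIds = null;
    if (roleIdsClaim != null) {
        roleIds = Arrays.stream(((String) roleIdsClaim).split(","))
                .map(Long::parseLong)
                .collect(Collectors.toList());
    }
    // Authorities are looked up from the user details service, not taken from the token.
    List<String> authorityNames = getCrustUserDetailsService().findAuthorities(uid);
    List<GrantedAuthority> authorities = null;
    if (authorityNames != null) {
        authorities = authorityNames.stream().map(GrantedAuthorityImpl::new).collect(Collectors.toList());
    }
    CrustUserDetails userDetails = new CrustUserDetails(uid, username, authorities, roleIds);
    return new CrustAuthenticationToken(userDetails, null, authorities, token);
}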
/**
 * Returns the user name (the {@code sub} claim) of a token.
 * <p>
 * Nothing is caught here: whatever {@code getClaimsFromToken} throws reaches
 * the caller, and a null claim set yields a NullPointerException.
 *
 * @param token the JWT to read
 * @return the subject, possibly {@code null} if the token carries none
 */
public static String getUsernameFromToken(String token) {
    return getClaimsFromToken(token).getSubject();
}